Abstract: A method for preventing transmission of malicious data may include receiving transaction data including at least one packet associated with a payment transaction; extracting at least one of network layer data or transport layer data from a header of the at least one packet; determining a first probability indicating that the at least one packet is in a first class based on the at least one of the network layer data or the transport layer data using a classifier. The method may also include determining a second probability indicating that the at least one packet is in a second class based on the at least one of the network layer data or the transport layer data using the classifier; and blocking the at least one packet. A system and a computer program product are also disclosed.

Abstract: A system for data encryption includes any or all of: a set of items, a set of keys, and a server. A method for data encryption includes any or all of: encrypting items, sharing items, and reading items. The method can optionally additionally or alternatively include any or all of: performing a registration process, creating items, restricting access of users and/or supplementary systems to items, and/or any other suitable processes.

Abstract: A vehicle key programming system and method for chip reading and writing, key and remote programming and remote frequency testing. The system tracks programming usage when not connected to system servers and reports such usage upon connection. Immobilizer algorithms are chosen to program and such algorithms are optimized with each attempted use.

Abstract: Techniques for training data protection in an artificial intelligence model execution environment are disclosed. For example, a method comprises executing a first portion of an artificial intelligence model within a trusted execution area of an information processing system and a second portion of the artificial intelligence model within an untrusted execution area of the information processing system, wherein data at least one of obtained and processed in the first portion of the artificial intelligence model is inaccessible to the second portion of the artificial intelligence model. Data obtained in the trusted execution area may comprise one or more data samples in an encrypted form usable to train the artificial intelligence model.

Abstract: A method for enhancing detection of synthetic speech is provided that includes the step of receiving, by an electronic device, voice biometric data of a user captured while the user was speaking and analyzing the context in which the received voice biometric data was captured. The context includes environmental and situational factors. Moreover, the method includes the steps of analyzing characteristics of the received voice biometric data for anomalies associated with synthetic speech, generating a risk score based on the results of the analysis, and comparing the risk score against a threshold value. In response to determining the risk score fails to satisfy the threshold score, the method includes a step of determining the captured voice biometric data includes anomalies associated with synthetic speech and initiating an alert protocol.

Abstract: A method which comprises storing a readable identifier, which identifies a semiconductor product, and a unique key, being unique for said semiconductor product or for a group of semiconductor products, in a memory of said semiconductor product, generating an initial security data structure, said initial security data structure depending on a root key and on said unique key, wherein both said root key and said unique key are assigned to said semiconductor product, and wherein said initial security data structure is assigned to said readable identifier, and supplying said initial security data structure to said semiconductor product for further processing.

Abstract: Establish a secure connection from a device to a server by, at the device: sending a shared secret request (SSRq) and an obfuscated secret value of the device to the server, wherein the SSRq is encrypted by a symmetric rolling key known to the device and to a trusted authority but not known to the server and the SSRq incorporates a symmetric key for decrypting the device's obfuscated secret value; receiving a shared secret response (SSRs) and an obfuscated secret value of the server, wherein the device's symmetric rolling key encrypts the SSRs and the SSRs incorporates a symmetric server obfuscation key for decrypting the server's obfuscated secret value; calculating a shared secret by hashing a concatenation of the device's secret value and the server's secret value; generating a symmetric session key based on the shared secret; and establishing the secure connection using the symmetric session key.

Abstract: Systems and methods for enrolling and authenticating a user in an authentication system via a camera of a computing device include capturing and storing biometric information from at least one first image and at least one second image of the user taken via the camera. Prior to use, the user answers personal questions and the answers are stored as stored answer data. Later, such as at a business, the questions are presented to the user and the user provides their personal answers via a computing device. The answers are processed and uploaded to an authentication server where a comparison occurs against the stored answer data. If a match does not occur, then the authentication/identity verification processes ends. If a match does occur, then the authentication process continues. The questions match may serve as a gate function for accessing authentication data stored in a blockchain.

Abstract: A technique for selectively scrambling data obtained by electronic sensor devices, such as cameras, voice communication devices, and the like, is provided. A payload of the data is scrambled when one or more characteristics of the data indicate that the data may include sensitive information. The scrambled data is transmitted to a target device.

Abstract: An attack control device according to an embodiment is provided with a storage unit and one or more hardware processors configured to function as a selection unit, a determination unit, and a calculation unit. The storage unit associates and stores a normal communication data model representing a model of communication data of a normal system, with each network segment. The selection unit specifies the network segment based on the communication prediction data predicted upon execution of the attack scenario and selects the normal communication data model associated with the network segment. The determination unit determines the similarity degree between the normal communication data represented by the normal communication data model, and the communication prediction data. The calculation unit calculates an effectiveness degree of the attack scenario to be higher as the similarity degree is higher.

Abstract: Aspects of the disclosure relate to detecting and preventing botnet attacks using client-specific event payloads. A computing platform may receive a request to access data within an enterprise organization. The computing platform may monitor the movement of peripheral devices that are used to populate the data access request and may detect an event associated with each movement. The computing platform may generate an alpha-numeric event code and an alpha-numeric user interface code for each event, determine the location of each event, and categorize each event. The computing platform may generate a client-specific event payload using the unique alpha-numeric codes and the location and categorization of the event. The computing platform may generate a simulated client event payload using the unique alpha-numeric codes. The computing platform may determine whether to approve or deny the data access request based on whether the client-specific event payload matches the simulated client event payload.

Abstract: A technique for selectively sending encryption keys is provided that encrypts user data generated as a result of a user interacting with a user device. The encrypted user data may be sent to one or more target devices associated with a third party. When the one or more target devices are authorized to receive an encryption key, the encryption key to decrypt the encrypted user data may also be sent to the one or more target devices.

Abstract: A computer system is configured for digital rights management for distributing and tracking downloadable proprietary source code defining a 3-D object and being usable to print the object on a 3D printer and protect the 3D object data from unauthorized printing. The computer system stores an inventory of proprietary source code corresponding to designs of a plurality of 3D objects, and enables a user to see the inventory of designs of the plurality of 3D objects in an online store, and permits the user to securely purchase use of the source code of a desired 3D object viewed therein. The computer system sends the proprietary source code defining the desired 3D object to a 3D printer, and controls printing of the desired 3D object made by the 3D printer to prevent further use of the source code when the purchased use in completed, using one of three different typologies.

Abstract: A block chain defining authority and access to confidential data may not be encrypted, and the access to the block chain can be regulated by the block chain itself and an access control server operating in an enterprise information technology (IT) environment. To incorporate authority defined in multiple sources, such as the block chain and the access control server, a token can be created containing multiple layers of permissions, i.e. constraints, coming from multiple sources. Each additional permission attenuates the authority granted by the token. When a processor controlling the access to the block chain receives the token, the processor can check the validity of the token and the authority granted by the token to determine whether the requester is authorized to access at least a portion of the block chain.

Abstract: A plurality of distributed network nodes may provide a decentralized access gateway to multiple, diverse types of databases. The plurality of distributed network nodes may host a private party blockchain. Each node may execute a peer-to-peer (P2P) client to perform operations associated with the private party blockchain. A subset of the nodes may be configured as validator nodes that may implement gossip protocols to cooperatively validate one or more database operations and generate a new block for the private party blockchain. Another subset of nodes may be configured as host nodes that may receive the new block and update a corresponding local copy of the private party blockchain appending the new block. Utilizing the co-operative validation of database operations and the updates appending the new blocks, the private party blockchain may maintain an immutable digital record of access and updates to the multiple and diverse types of databases.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for enhancing security of communications between instances of clients and servers while enabling rotation of server certificates (e.g., X.509 certificates). The systems described herein involve updating a client list of server certificates (e.g., a certificate thumbprint) without reconfiguring or re-installing a client and/or server application, starting a new session (e.g., a hypertext transfer protocol secure (HTTPS) session), or deploying new code. The systems described herein may passively or actively update a client list of certificates to enable a client to security verify an identity of a server instance in a non-invasive way that boosts security from man-in-the-middle types of attacks.

Abstract: A decoding apparatus having a non-transient memory in which is stored an electromagnetic signal representative of data which were encrypted relying on the difficulty of computing discrete logarithms. The decoding apparatus has a computer in communication with the memory that decodes the encrypted data in the memory by computing the data's discrete logarithm. The decoding apparatus has a display on which the decoded encrypted data are displayed by the computer. A method for decoding.

Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identify information captured during an authentication session. The authentication biometric identify information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identify information is compared to root identify biometric information. The root identify biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identify biometric information to the biometric identify information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS verification manager logic to manage XMSS verification functions, a one-time signature and public key generator logic, a chain function logic to implement chain function algorithms, a low latency SHA3 hardware engine, and a register bank communicatively coupled to the XMSS verification manager logic. Other examples may be described.

Abstract: A generic wireless device management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes a generic wireless device and a generic provisioning server. The generic wireless device, which is initially in a generic blank state, coordinates with the generic provisioning server to authenticate an inmate and to load an inmate profile. After loading the inmate profile, the generic wireless device provides access to content specific to the inmate. After the inmate signs out of the generic wireless device, the generic wireless device is returned to a generic blank state.